Most are rather dumb. They will encrypt standard file types such as jpg and doc, but leave really critical stuff (qbw, pst, etc) alone. I guess the writers, not knowing what files being encrypted in a user profile might brick a machine only go for easy targets. They will readily encrypt any attached drive as well, following the same ruleset. If your backup program stores in a standard
.zip or in the clear, it will be encrypted too. The best safety net is an online backup that does versioning so you can roll back to pre-infection versions of files.
One last note, in about 5%-10% of the cases I have worked on, I was able to recover files from VSS. Most of these variants attempt to disable VSS and delete the shadow copies, but they either are not successful or do it slowly. Yanking the drive from the running environment and looking at it with shadow explorer on a clean box can sometimes save some data.
Here in the US Cryptorbit variants seem to be the most frequent I see (cryptodefense, cryptolocker, howdecrypt, etc). They have really exploded in the past month. A recent fake ADP email that was making it through spam filters was responsible for a lot. The linked site downloaded a zip containing an exe with an adobe pdf icon. If you have a suspect exe, see if it has been analyzed n malwr.com and you can get a good breakdown of its precise behavior.